[tor-commits] [tor/master] Add test_keygen tests for all log outputs; improve keygen outputs.

nickm at torproject.org nickm at torproject.org
Wed Aug 19 17:37:40 UTC 2015


commit 138b28dc35c96ad4d8206a1e78a75a1072df0aa4
Author: Nick Mathewson <nickm at torproject.org>
Date:   Thu Aug 6 11:57:00 2015 -0400

    Add test_keygen tests for all log outputs; improve keygen outputs.
---
 src/or/routerkeys.c     |   34 ++++++++++++++++++++++++++++------
 src/test/test_keygen.sh |   20 +++++++++++++++-----
 2 files changed, 43 insertions(+), 11 deletions(-)

diff --git a/src/or/routerkeys.c b/src/or/routerkeys.c
index 478f6c7..125fe75 100644
--- a/src/or/routerkeys.c
+++ b/src/or/routerkeys.c
@@ -376,7 +376,8 @@ ed_key_init_from_file(const char *fname, uint32_t flags,
           tor_log(severity, LD_OR, "Couldn't repair %s", public_fname);
           goto err;
         } else {
-          tor_log(severity, LD_OR, "Found secret key but not %s. Regenerating.",
+          tor_log(LOG_NOTICE, LD_OR,
+                  "Found secret key but not %s. Regenerating.",
                   public_fname);
         }
       }
@@ -384,12 +385,29 @@ ed_key_init_from_file(const char *fname, uint32_t flags,
   }
 
   /* If the secret key is absent and it's not allowed to be, fail. */
-  if (!have_secret && found_public && !(flags & INIT_ED_KEY_MISSING_SECRET_OK))
+  if (!have_secret && found_public &&
+      !(flags & INIT_ED_KEY_MISSING_SECRET_OK)) {
+    if (have_encrypted_secret_file) {
+      tor_log(severity, LD_OR, "We needed to load a secret key from %s, "
+              "but it was encrypted. Try tor --keygen instead.",
+              secret_fname);
+    } else {
+      tor_log(severity, LD_OR, "We needed to load a secret key from %s, "
+              "but couldn't find it.", secret_fname);
+    }
     goto err;
+  }
 
   /* If it's absent, and we're not supposed to make a new keypair, fail. */
-  if (!have_secret && !found_public && !(flags & INIT_ED_KEY_CREATE))
+  if (!have_secret && !found_public && !(flags & INIT_ED_KEY_CREATE)) {
+    if (split) {
+      tor_log(severity, LD_OR, "No key found in %s or %s.",
+              secret_fname, public_fname);
+    } else {
+      tor_log(severity, LD_OR, "No key found in %s.", secret_fname);
+    }
     goto err;
+  }
 
   /* If the secret key is absent, but the encrypted key would be present,
    * that's an error */
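Review bot: The second new branch, which logs `No key found in %s.`, does not consult `have_encrypted_secret_file`, unlike the branch directly above it. When `INIT_ED_KEY_CREATE` is not set, the `goto err` here runs before the encrypted-key check announced by the comment at the end of the hunk. Unless an earlier check outside the hunk already covers that case, an operator holding only the encrypted secret key file would be told that no key was found and get no pointer to `tor --keygen`. Consider testing the flag in this branch as well and reusing the "but it was encrypted. Try tor --keygen instead." wording. The body of ed_key_init_from_file starts and ends outside this hunk.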
@@ -471,8 +489,10 @@ ed_key_init_from_file(const char *fname, uint32_t flags,
     goto done;
 
   /* If we didn't get a cert, and we're not supposed to make one, fail. */
-  if (!signing_key || !(flags & INIT_ED_KEY_CREATE))
+  if (!signing_key || !(flags & INIT_ED_KEY_CREATE)) {
+    tor_log(severity, LD_OR, "Without signing key, can't create certificate");
     goto err;
+  }
 
   /* We have keys but not a certificate, so make one. */
   uint32_t cert_flags = 0;
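Review bot: The new message `Without signing key, can't create certificate` is logged for both halves of `!signing_key || !(flags & INIT_ED_KEY_CREATE)`. When a signing key is present but `INIT_ED_KEY_CREATE` is not set, the log blames a missing signing key that is not actually missing, which sends an operator looking at the wrong file. Split the condition and give the second case its own text, for example `tor_log(severity, LD_OR, "Certificate not found, and not allowed to create one");`. Neither this message nor `Couldn't create certificate` in the next hunk says which key is being initialised, so including `fname` would make both easier to act on. The function body continues outside the hunk.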
@@ -483,8 +503,10 @@ ed_key_init_from_file(const char *fname, uint32_t flags,
                          now, lifetime,
                          cert_flags);
 
-  if (! cert)
+  if (! cert) {
+    tor_log(severity, LD_OR, "Couldn't create certificate");
     goto err;
+  }
 
   /* Write it to disk. */
   created_cert = 1;
@@ -674,7 +696,7 @@ load_ed_keys(const or_options_t *options, time_t now)
       if (need_new_signing_key) {
         FAIL("Missing identity key");
       } else {
-        log_warn(LD_OR, "master public key was absent; inferring from "
+        log_warn(LD_OR, "Master public key was absent; inferring from "
                  "public key in signing certificate");
         tor_assert(check_signing_cert);
         id = tor_malloc_zero(sizeof(*id));
diff --git a/src/test/test_keygen.sh b/src/test/test_keygen.sh
index 50d54aa..1005bb8 100755
--- a/src/test/test_keygen.sh
+++ b/src/test/test_keygen.sh
@@ -117,9 +117,11 @@ ME="${DATA_DIR}/case2a"
 SRC="${DATA_DIR}/orig"
 mkdir -p "${ME}/keys"
 cp "${SRC}/keys/ed25519_master_id_public_key" "${ME}/keys/"
-${TOR} --DataDirectory "${ME}" --list-fingerprint && die "Somehow succeeded when missing secret key, certs" || true
+${TOR} --DataDirectory "${ME}" --list-fingerprint > "${ME}/stdout" && die "Somehow succeeded when missing secret key, certs" || true
 check_files_eq "${SRC}/keys/ed25519_master_id_public_key" "${ME}/keys/ed25519_master_id_public_key"
 
+grep "We needed to load a secret key.*but couldn't find it" "${ME}/stdout" >/dev/null || die "Tor didn't declare that it was missing a secret key"
+
 echo "==== Case 2A ok"
 fi
 
@@ -133,11 +135,13 @@ SRC="${DATA_DIR}/encrypted"
 mkdir -p "${ME}/keys"
 cp "${SRC}/keys/ed25519_master_id_public_key" "${ME}/keys/"
 cp "${SRC}/keys/ed25519_master_id_secret_key_encrypted" "${ME}/keys/"
-${TOR} --DataDirectory "${ME}" --list-fingerprint && dir "Somehow succeeded with encrypted secret key, missing certs"
+${TOR} --DataDirectory "${ME}" --list-fingerprint > "${ME}/stdout" && dir "Somehow succeeded with encrypted secret key, missing certs"
 
 check_files_eq "${SRC}/keys/ed25519_master_id_public_key" "${ME}/keys/ed25519_master_id_public_key"
 check_files_eq "${SRC}/keys/ed25519_master_id_secret_key_encrypted" "${ME}/keys/ed25519_master_id_secret_key_encrypted"
 
+grep "We needed to load a secret key.*but it was encrypted.*--keygen" "${ME}/stdout" >/dev/null || die "Tor didn't declare that it was missing a secret key and suggest --keygen."
+
 echo "==== Case 2B ok"
 
 fi
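Review bot: The rewritten Case 2B command still ends in `&& dir "Somehow succeeded with encrypted secret key, missing certs"`, where `dir` looks like a typo for `die`. If Tor ever did start with only the encrypted secret key, this line would not fail the test. It would either list a non-existent path or hit "command not found", leaving detection to the later `grep`. Change it to `&& die "Somehow succeeded with encrypted secret key, missing certs" || true` to match Case 2A.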
@@ -230,10 +234,12 @@ SRC="${DATA_DIR}/encrypted"
 
 mkdir -p "${ME}/keys"
 cp "${SRC}/keys/ed25519_master_id_secret_key_encrypted" "${ME}/keys/"
-${TOR} --DataDirectory "${ME}" --list-fingerprint && die "Tor started with only encrypted secret key!"
+${TOR} --DataDirectory "${ME}" --list-fingerprint >"${ME}/stdout" && die "Tor started with only encrypted secret key!"
 check_no_file "${ME}/keys/ed25519_master_id_public_key"
 check_no_file "${ME}/keys/ed25519_master_id_public_key"
 
+grep "but not public key file" "${ME}/stdout" >/dev/null || die "Tor didn't declare it couldn't find a public key."
+
 echo "==== Case 5 ok"
 
 fi
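Review bot: The two `check_no_file "${ME}/keys/ed25519_master_id_public_key"` lines after the Tor invocation are identical, so the second one verifies nothing new. It was presumably meant to check a different file that must not be created when only the encrypted secret key is present, though the hunk does not show which one. Either replace the duplicate with the intended path or drop it, so that Case 5 states exactly which key material it asserts is absent.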
@@ -248,10 +254,12 @@ SRC="${DATA_DIR}/encrypted"
 mkdir -p "${ME}/keys"
 cp "${SRC}/keys/ed25519_master_id_secret_key_encrypted" "${ME}/keys/"
 cp "${SRC}/keys/ed25519_master_id_public_key" "${ME}/keys/"
-${TOR} --DataDirectory "${ME}" --list-fingerprint && die "Tor started with encrypted secret key and no certs" || true
+${TOR} --DataDirectory "${ME}" --list-fingerprint > "${ME}/stdout" && die "Tor started with encrypted secret key and no certs" || true
 check_no_file "${ME}/keys/ed25519_signing_cert"
 check_no_file "${ME}/keys/ed25519_signing_secret_key"
 
+grep "but it was encrypted" "${ME}/stdout" >/dev/null || die "Tor didn't declare that the secret key was encrypted."
+
 echo "==== Case 6 ok"
 
 fi
@@ -335,7 +343,9 @@ mkdir -p "${ME}/keys"
 cp "${SRC}/keys/ed25519_master_id_public_key" "${ME}/keys/"
 cp "${OTHER}/keys/ed25519_master_id_secret_key" "${ME}/keys/"
 
-${TOR} --DataDirectory "${ME}" --list-fingerprint && die "Successfully started with mismatched keys!?" || true
+${TOR} --DataDirectory "${ME}" --list-fingerprint >"${ME}/stdout" && die "Successfully started with mismatched keys!?" || true
+
+grep "public_key does not match.*secret_key" "${ME}/stdout" >/dev/null || die "Tor didn't declare that there was a key mismatch"
 
 echo "==== Case 10 ok"
 




